<?php
header("Content-Type:text/html; charset=utf-8");
require_once("config.php");
$manage=$_POST["manage"];
$password=$_POST["password"];
$conn = mysqli_connect($cfg_dbhost,$cfg_dbuser,$cfg_dbpwd,$cfg_dbname);
function getIp() { 
     if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) 
         $ip = getenv("HTTP_CLIENT_IP"); 
     else 
         if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) 
             $ip = getenv("HTTP_X_FORWARDED_FOR"); 
         else 
             if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) 
                 $ip = getenv("REMOTE_ADDR"); 
             else 
                 if (isset ($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown")) 
                     $ip = $_SERVER['REMOTE_ADDR']; 
                 else 
                     $ip = "unknown"; 
     return ($ip); 
}
if($manage==''||$password==''){
echo "<script language=JavaScript>\r\n";
echo "alert('账户名密码不能为空！');\r\n";
echo "location.href='index.php'\r\n";
echo "</script>";
exit;
}
$query="select * from ph_admin where admin='".$manage."' and adminpass='".$password."'";
$result=mysqli_query($conn,$query);
if(mysqli_num_rows($result)<1){
echo "<script language=JavaScript>\r\n";
echo "alert('账户名或密码错误!');\r\n";
echo "location.href='index.php'\r\n";
echo "</script>";
}else{
session_start();
$row=mysqli_fetch_array($result);
if($row[status]=="yes"){
echo "<script language=JavaScript>\r\n";
echo "alert('该帐户已被锁定!');\r\n";
echo "location.href='index.php'\r\n";
echo "</script>";
exit;
}
$_SESSION["islogin"]="igiveyouthepower";
$_SESSION["managername"]=$manage;
$_SESSION["thetype"]=$row[thetype];
$sql = "INSERT INTO ph_login(ip,user_name,cdate)VALUES('".getIp()."','".$manage."','".date("Y-m-d H:i:s",time())."')";
mysqli_query($conn,$sql);
echo "<script language=JavaScript>\r\n";
echo "location.href='main.php'\r\n";
echo "</script>";
}
?>